apiVersion: v1 items: - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: cluster-admin rules: - apiGroups: - '*' attributeRestrictions: null resources: - '*' verbs: - '*' - apiGroups: null attributeRestrictions: null nonResourceURLs: - '*' resources: [] verbs: - '*' - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: sudoer rules: - apiGroups: - "" attributeRestrictions: null resourceNames: - system:admin resources: - systemusers verbs: - impersonate - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: cluster-reader rules: - apiGroups: - "" attributeRestrictions: null resources: - bindings - componentstatuses - configmaps - endpoints - events - limitranges - namespaces - namespaces/status - nodes - nodes/status - persistentvolumeclaims - persistentvolumeclaims/status - persistentvolumes - persistentvolumes/status - pods - pods/binding - pods/eviction - pods/log - pods/status - podtemplates - replicationcontrollers - replicationcontrollers/scale - replicationcontrollers/status - resourcequotas - resourcequotas/status - securitycontextconstraints - serviceaccounts - services - services/status verbs: - get - list - watch - apiGroups: - apps attributeRestrictions: null resources: - petsets - petsets/status verbs: - get - list - watch - apiGroups: - autoscaling attributeRestrictions: null resources: - horizontalpodautoscalers - horizontalpodautoscalers/status verbs: - get - list - watch - apiGroups: - batch attributeRestrictions: null resources: - jobs - jobs/status - scheduledjobs - scheduledjobs/status verbs: - get - list - watch - apiGroups: - extensions attributeRestrictions: null resources: - daemonsets - daemonsets/status - deployments - deployments/scale - deployments/status - horizontalpodautoscalers - horizontalpodautoscalers/status - ingresses - ingresses/status - jobs - jobs/status - networkpolicies - podsecuritypolicies - replicasets - replicasets/scale - replicasets/status - replicationcontrollers - replicationcontrollers/scale - storageclasses - thirdpartyresources verbs: - get - list - watch - apiGroups: - policy attributeRestrictions: null resources: - poddisruptionbudgets - poddisruptionbudgets/status verbs: - get - list - watch - apiGroups: - storage.k8s.io attributeRestrictions: null resources: - storageclasses verbs: - get - list - watch - apiGroups: - certificates.k8s.io attributeRestrictions: null resources: - certificatesigningrequests - certificatesigningrequests/approval - certificatesigningrequests/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - clusterpolicies - clusterpolicybindings - clusterrolebindings - clusterroles - policies - policybindings - rolebindingrestrictions - rolebindings - roles verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - buildconfigs - buildconfigs/webhooks - builds - builds/details - builds/log verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs - deploymentconfigs/log - deploymentconfigs/scale - deploymentconfigs/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - images - imagesignatures - imagestreamimages - imagestreams - imagestreams/status - imagestreamtags verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/layers verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - oauthclientauthorizations verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - projectrequests - projects verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - appliedclusterresourcequotas - clusterresourcequotas - clusterresourcequotas/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - routes - routes/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - clusternetworks - egressnetworkpolicies - hostsubnets - netnamespaces verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - processedtemplates - templateconfigs - templates verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - groups - identities - useridentitymappings - users verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - localresourceaccessreviews - localsubjectaccessreviews - resourceaccessreviews - selfsubjectrulesreviews - subjectaccessreviews - subjectrulesreviews verbs: - create - apiGroups: - authentication.k8s.io attributeRestrictions: null resources: - tokenreviews verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - podsecuritypolicyreviews - podsecuritypolicyselfsubjectreviews - podsecuritypolicysubjectreviews verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - nodes/metrics - nodes/spec verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - nodes/stats verbs: - create - get - apiGroups: null attributeRestrictions: null nonResourceURLs: - '*' resources: [] verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - buildlogs verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - resourcequotausages verbs: - get - list - watch - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:build-strategy-docker rules: - apiGroups: - "" attributeRestrictions: null resources: - builds/docker verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:build-strategy-custom rules: - apiGroups: - "" attributeRestrictions: null resources: - builds/custom verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:build-strategy-source rules: - apiGroups: - "" attributeRestrictions: null resources: - builds/source verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:build-strategy-jenkinspipeline rules: - apiGroups: - "" attributeRestrictions: null resources: - builds/jenkinspipeline verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: storage-admin rules: - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - storage.k8s.io attributeRestrictions: null resources: - storageclasses verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - events - persistentvolumeclaims verbs: - get - list - watch - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: admin rules: - apiGroups: - "" attributeRestrictions: null resources: - pods - pods/attach - pods/exec - pods/portforward - pods/proxy verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - configmaps - endpoints - persistentvolumeclaims - replicationcontrollers - replicationcontrollers/scale - secrets - serviceaccounts - services - services/proxy verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - bindings - events - limitranges - namespaces - namespaces/status - pods/log - pods/status - replicationcontrollers/status - resourcequotas - resourcequotas/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - serviceaccounts verbs: - impersonate - apiGroups: - autoscaling attributeRestrictions: null resources: - horizontalpodautoscalers verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - batch attributeRestrictions: null resources: - jobs - scheduledjobs verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - extensions attributeRestrictions: null resources: - deployments - deployments/rollback - deployments/scale - horizontalpodautoscalers - jobs - replicasets - replicasets/scale - replicationcontrollers/scale verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - extensions attributeRestrictions: null resources: - daemonsets verbs: - get - list - watch - apiGroups: - apps attributeRestrictions: null resources: - petsets verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - rolebindings - roles verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - localresourceaccessreviews - localsubjectaccessreviews - subjectrulesreviews verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - podsecuritypolicyreviews - podsecuritypolicyselfsubjectreviews - podsecuritypolicysubjectreviews verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - policies - policybindings - rolebindingrestrictions verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - buildconfigs - buildconfigs/webhooks - builds verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - builds/log verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - buildconfigs/instantiate - buildconfigs/instantiatebinary - builds/clone verbs: - create - apiGroups: - build.openshift.io attributeRestrictions: null resources: - jenkins verbs: - admin - edit - view - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs - deploymentconfigs/scale - generatedeploymentconfigs verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigrollbacks - deploymentconfigs/instantiate - deploymentconfigs/rollback verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs/log - deploymentconfigs/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimages - imagestreammappings - imagestreams - imagestreams/secrets - imagestreamtags verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/layers verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimports verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - projects verbs: - delete - get - patch - update - apiGroups: - "" attributeRestrictions: null resources: - appliedclusterresourcequotas verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - routes verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - routes/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - routes/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - processedtemplates - templateconfigs - templates verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - buildlogs verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - resourcequotausages verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - resourceaccessreviews - subjectaccessreviews verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: edit rules: - apiGroups: - "" attributeRestrictions: null resources: - pods - pods/attach - pods/exec - pods/portforward - pods/proxy verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - configmaps - endpoints - persistentvolumeclaims - replicationcontrollers - replicationcontrollers/scale - secrets - serviceaccounts - services - services/proxy verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - bindings - events - limitranges - namespaces - namespaces/status - pods/log - pods/status - replicationcontrollers/status - resourcequotas - resourcequotas/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - serviceaccounts verbs: - impersonate - apiGroups: - autoscaling attributeRestrictions: null resources: - horizontalpodautoscalers verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - batch attributeRestrictions: null resources: - jobs - scheduledjobs verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - extensions attributeRestrictions: null resources: - deployments - deployments/rollback - deployments/scale - horizontalpodautoscalers - jobs - replicasets - replicasets/scale - replicationcontrollers/scale verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - extensions attributeRestrictions: null resources: - daemonsets verbs: - get - list - watch - apiGroups: - apps attributeRestrictions: null resources: - petsets verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - buildconfigs - buildconfigs/webhooks - builds verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - builds/log verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - buildconfigs/instantiate - buildconfigs/instantiatebinary - builds/clone verbs: - create - apiGroups: - build.openshift.io attributeRestrictions: null resources: - jenkins verbs: - edit - view - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs - deploymentconfigs/scale - generatedeploymentconfigs verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigrollbacks - deploymentconfigs/instantiate - deploymentconfigs/rollback verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs/log - deploymentconfigs/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimages - imagestreammappings - imagestreams - imagestreams/secrets - imagestreamtags verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/layers verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimports verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - projects verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - appliedclusterresourcequotas verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - routes verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - routes/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - processedtemplates - templateconfigs - templates verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - buildlogs verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - resourcequotausages verbs: - get - list - watch - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: view rules: - apiGroups: - "" attributeRestrictions: null resources: - configmaps - endpoints - persistentvolumeclaims - pods - replicationcontrollers - serviceaccounts - services verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - bindings - events - limitranges - namespaces - namespaces/status - pods/log - pods/status - replicationcontrollers/status - resourcequotas - resourcequotas/status verbs: - get - list - watch - apiGroups: - autoscaling attributeRestrictions: null resources: - horizontalpodautoscalers verbs: - get - list - watch - apiGroups: - batch attributeRestrictions: null resources: - jobs - scheduledjobs verbs: - get - list - watch - apiGroups: - extensions attributeRestrictions: null resources: - deployments - deployments/scale - horizontalpodautoscalers - jobs - replicasets - replicasets/scale verbs: - get - list - watch - apiGroups: - extensions attributeRestrictions: null resources: - daemonsets verbs: - get - list - watch - apiGroups: - apps attributeRestrictions: null resources: - petsets verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - buildconfigs - buildconfigs/webhooks - builds verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - builds/log verbs: - get - list - watch - apiGroups: - build.openshift.io attributeRestrictions: null resources: - jenkins verbs: - view - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs - deploymentconfigs/scale verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs/log - deploymentconfigs/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimages - imagestreammappings - imagestreams - imagestreamtags verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - projects verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - appliedclusterresourcequotas verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - routes verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - routes/status verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - processedtemplates - templateconfigs - templates verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - buildlogs verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - resourcequotausages verbs: - get - list - watch - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: basic-user rules: - apiGroups: - "" attributeRestrictions: null resourceNames: - "~" resources: - users verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - projectrequests verbs: - list - apiGroups: - "" attributeRestrictions: null resources: - clusterroles verbs: - get - list - apiGroups: - storage.k8s.io attributeRestrictions: null resources: - storageclasses verbs: - list - apiGroups: - "" attributeRestrictions: null resources: - projects verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - selfsubjectrulesreviews verbs: - create - apiGroups: - "" attributeRestrictions: apiVersion: v1 kind: IsPersonalSubjectAccessReview resources: - localsubjectaccessreviews - subjectaccessreviews verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: self-access-reviewer rules: - apiGroups: - "" attributeRestrictions: null resources: - selfsubjectrulesreviews verbs: - create - apiGroups: - "" attributeRestrictions: apiVersion: v1 kind: IsPersonalSubjectAccessReview resources: - localsubjectaccessreviews - subjectaccessreviews verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: self-provisioner rules: - apiGroups: - "" attributeRestrictions: null resources: - projectrequests verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: cluster-status rules: - apiGroups: null attributeRestrictions: null nonResourceURLs: - /healthz - /healthz/* resources: [] verbs: - get - apiGroups: null attributeRestrictions: null nonResourceURLs: - /.well-known - /.well-known/* - /api - /api/* - /apis - /apis/* - /oapi - /oapi/* - /osapi - /osapi/ - /version - /version/* resources: [] verbs: - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:image-auditor rules: - apiGroups: - "" attributeRestrictions: null resources: - images verbs: - get - list - patch - update - watch - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:image-puller rules: - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/layers verbs: - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:image-pusher rules: - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/layers verbs: - get - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:image-builder rules: - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/layers verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - imagestreams verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - builds/details verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - builds verbs: - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:image-pruner rules: - apiGroups: - "" attributeRestrictions: null resources: - pods - replicationcontrollers verbs: - get - list - apiGroups: - "" attributeRestrictions: null resources: - limitranges verbs: - list - apiGroups: - "" attributeRestrictions: null resources: - buildconfigs - builds verbs: - get - list - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs verbs: - get - list - apiGroups: - "" attributeRestrictions: null resources: - images verbs: - delete - apiGroups: - "" attributeRestrictions: null resources: - images - imagestreams verbs: - get - list - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/status verbs: - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:image-signer rules: - apiGroups: - "" attributeRestrictions: null resources: - images - imagestreams/layers verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - imagesignatures verbs: - create - delete - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:deployer rules: - apiGroups: - "" attributeRestrictions: null resources: - replicationcontrollers verbs: - get - list - update - watch - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - pods/log verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - list - apiGroups: - "" attributeRestrictions: null resources: - imagestreamtags verbs: - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:master rules: - apiGroups: - '*' attributeRestrictions: null resources: - '*' verbs: - '*' - apiGroups: null attributeRestrictions: null nonResourceURLs: - '*' resources: [] verbs: - '*' - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:oauth-token-deleter rules: - apiGroups: - "" attributeRestrictions: null resources: - oauthaccesstokens - oauthauthorizetokens verbs: - delete - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:router rules: - apiGroups: - "" attributeRestrictions: null resources: - endpoints verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - services verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - routes verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - routes/status verbs: - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:registry rules: - apiGroups: - "" attributeRestrictions: null resources: - limitranges - resourcequotas verbs: - list - apiGroups: - "" attributeRestrictions: null resources: - images - imagestreamtags verbs: - delete - get - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimages - imagestreams/secrets verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - imagestreams verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - imagestreammappings verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:node-proxier rules: - apiGroups: - "" attributeRestrictions: null resources: - endpoints - services verbs: - list - watch - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:node-admin rules: - apiGroups: - "" attributeRestrictions: null resources: - nodes verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - nodes verbs: - proxy - apiGroups: - "" attributeRestrictions: null resources: - nodes/log - nodes/metrics - nodes/proxy - nodes/spec - nodes/stats verbs: - '*' - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:node-reader rules: - apiGroups: - "" attributeRestrictions: null resources: - nodes verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - nodes/metrics - nodes/spec verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - nodes/stats verbs: - create - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:node rules: - apiGroups: - authentication.k8s.io attributeRestrictions: null resources: - tokenreviews verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - localsubjectaccessreviews - subjectaccessreviews verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - services verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - nodes verbs: - create - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - nodes/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - get - apiGroups: - "" attributeRestrictions: null resources: - pods/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - configmaps - secrets verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims - persistentvolumes verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - endpoints verbs: - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:sdn-reader rules: - apiGroups: - "" attributeRestrictions: null resources: - egressnetworkpolicies - hostsubnets - netnamespaces verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - namespaces - nodes verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - clusternetworks verbs: - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:sdn-manager rules: - apiGroups: - "" attributeRestrictions: null resources: - hostsubnets - netnamespaces verbs: - create - delete - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - clusternetworks verbs: - create - get - apiGroups: - "" attributeRestrictions: null resources: - nodes verbs: - get - list - watch - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:webhook rules: - apiGroups: - "" attributeRestrictions: null resources: - buildconfigs/webhooks verbs: - create - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:discovery rules: - apiGroups: null attributeRestrictions: null nonResourceURLs: - /.well-known - /.well-known/* - /api - /api/* - /apis - /apis/* - /oapi - /oapi/* - /osapi - /osapi/ - /version - /version/* resources: [] verbs: - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: registry-admin rules: - apiGroups: - "" attributeRestrictions: null resources: - secrets - serviceaccounts verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimages - imagestreammappings - imagestreams - imagestreams/secrets - imagestreamtags verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimports verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/layers verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - rolebindings - roles verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - localresourceaccessreviews - localsubjectaccessreviews - subjectrulesreviews verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - policies - policybindings verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - namespaces verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - projects verbs: - delete - get - apiGroups: - "" attributeRestrictions: null resources: - resourceaccessreviews - subjectaccessreviews verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: registry-editor rules: - apiGroups: - "" attributeRestrictions: null resources: - secrets - serviceaccounts verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimages - imagestreammappings - imagestreams - imagestreams/secrets - imagestreamtags verbs: - create - delete - deletecollection - get - list - patch - update - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimports verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/layers verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - namespaces verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - projects verbs: - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: registry-viewer rules: - apiGroups: - "" attributeRestrictions: null resources: - imagestreamimages - imagestreammappings - imagestreams - imagestreamtags verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - imagestreams/layers verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - namespaces verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - projects verbs: - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:build-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - builds verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - builds verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - builds/custom - builds/docker - builds/jenkinspipeline - builds/source verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - imagestreams verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - get - list - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:daemonset-controller rules: - apiGroups: - extensions attributeRestrictions: null resources: - daemonsets verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - nodes verbs: - list - watch - apiGroups: - extensions attributeRestrictions: null resources: - daemonsets/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - apiGroups: - "" attributeRestrictions: null resources: - pods/binding verbs: - create - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:deployment-controller rules: - apiGroups: - extensions attributeRestrictions: null resources: - deployments verbs: - get - list - update - watch - apiGroups: - extensions attributeRestrictions: null resources: - deployments/status verbs: - update - apiGroups: - extensions attributeRestrictions: null resources: - replicasets verbs: - create - delete - get - list - update - watch - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - get - list - update - watch - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:deploymentconfig-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - replicationcontrollers verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - replicationcontrollers verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - get - list - update - watch - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:disruption-controller rules: - apiGroups: - extensions attributeRestrictions: null resources: - deployments verbs: - list - watch - apiGroups: - extensions attributeRestrictions: null resources: - replicasets verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - replicationcontrollers verbs: - list - watch - apiGroups: - policy attributeRestrictions: null resources: - poddisruptionbudgets verbs: - get - list - watch - apiGroups: - policy attributeRestrictions: null resources: - poddisruptionbudgets/status verbs: - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:endpoint-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - pods - services verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - endpoints verbs: - create - delete - get - list - update - apiGroups: - "" attributeRestrictions: null resources: - endpoints/restricted verbs: - create - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:gc-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - delete - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:hpa-controller rules: - apiGroups: - extensions - autoscaling attributeRestrictions: null resources: - horizontalpodautoscalers verbs: - get - list - watch - apiGroups: - extensions - autoscaling attributeRestrictions: null resources: - horizontalpodautoscalers/status verbs: - update - apiGroups: - extensions - "" attributeRestrictions: null resources: - replicationcontrollers/scale verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs/scale verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - list - apiGroups: - "" attributeRestrictions: null resourceNames: - 'https:heapster:' resources: - services verbs: - proxy - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:job-controller rules: - apiGroups: - extensions - batch attributeRestrictions: null resources: - jobs - scheduledjobs verbs: - get - list - watch - apiGroups: - extensions - batch attributeRestrictions: null resources: - jobs/status - scheduledjobs/status verbs: - update - apiGroups: - extensions - batch attributeRestrictions: null resources: - jobs verbs: - create - delete - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:namespace-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - namespaces verbs: - delete - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - namespaces/finalize - namespaces/status verbs: - update - apiGroups: - '*' attributeRestrictions: null resources: - '*' verbs: - delete - deletecollection - get - list - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:pet-set-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - list - watch - apiGroups: - apps attributeRestrictions: null resources: - petsets verbs: - list - watch - apiGroups: - apps attributeRestrictions: null resources: - petsets verbs: - get - apiGroups: - apps attributeRestrictions: null resources: - petsets/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - get - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims verbs: - create - get - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:pv-attach-detach-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - nodes verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - nodes verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - nodes/status verbs: - patch - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:pv-binder-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes verbs: - create - delete - get - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - get - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiGroups: - storage.k8s.io attributeRestrictions: null resources: - storageclasses verbs: - get - list - watch - apiGroups: - "" attributeRestrictions: null resources: - endpoints - services verbs: - create - delete - get - apiGroups: - "" attributeRestrictions: null resources: - secrets verbs: - get - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:pv-provisioner-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes verbs: - create - delete - get - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims/status verbs: - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:pv-recycler-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes verbs: - create - delete - get - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumes/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - persistentvolumeclaims/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - get - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:replicaset-controller rules: - apiGroups: - extensions attributeRestrictions: null resources: - replicasets verbs: - get - list - update - watch - apiGroups: - extensions attributeRestrictions: null resources: - replicasets/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - list - watch - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:replication-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - replicationcontrollers verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - replicationcontrollers verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - replicationcontrollers/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - pods verbs: - create - delete - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:service-ingress-ip-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - services verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - services verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - services/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:service-load-balancer-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - services verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - services verbs: - get - apiGroups: - "" attributeRestrictions: null resources: - services/status verbs: - update - apiGroups: - "" attributeRestrictions: null resources: - nodes verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - create - patch - update - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:service-serving-cert-controller rules: - apiGroups: - "" attributeRestrictions: null resources: - services verbs: - list - update - watch - apiGroups: - "" attributeRestrictions: null resources: - secrets verbs: - create - get - list - update - watch - apiVersion: v1 kind: ClusterRole metadata: creationTimestamp: null name: system:unidling-controller rules: - apiGroups: - "" - extensions attributeRestrictions: null resources: - replicationcontrollers/scale verbs: - get - update - apiGroups: - extensions attributeRestrictions: null resources: - deployments/scale - replicasets/scale verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs/scale verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - events verbs: - list - watch - apiGroups: - "" attributeRestrictions: null resources: - endpoints verbs: - get - update - apiGroups: - "" attributeRestrictions: null resources: - replicationcontrollers verbs: - get - patch - update - apiGroups: - "" attributeRestrictions: null resources: - deploymentconfigs verbs: - get - patch - update kind: List metadata: {}